PingOne DaVinci is an orchestration platform that helps you design and create flows. Flows are constructed, logical paths that can contain both user-facing and backend elements.
DaVinci enables you to visualize the entire flow process. By controlling integrations and connections across multiple applications and identity ecosystems in a single platform, you can manage and troubleshoot complex user experiences such as sign-on and registration. The DaVinci APIs specifically guide users through these kinds of authorization and authentication tasks.
After you create a flow, you can associate the flow with a flow policy, and associate the flow policy with an application to make the flow available to the application’s users.
For PingOne DaVinci introductory information, see Introduction to PingOne DaVinci.
For information about orchestrating flows, see Flows.
For integrating flows into your application using APIs, see Launching a flow with an API call.
The following workflow outlines the interaction between PingOne applications and DaVinci flows and flow policies.
PingOne applications support a configuration option to assign DaVinci flow policies to the application. For information about creating DaVinci flows and flow policies, see Getting Started with DaVinci. For information on designating a DaVinci flow as a PingOne flow, see Setting a trigger type on the flow.
To initiate the flow, call the /{{envID}}/as/authorize
endpoint. (The supported grant types are authorization_code
and implicit
.)
The PingOne authorization service retrieves the application configuration data. Based on the configuration, the application can use either a PingOne sign-on policy or a DaVinci flow policy to determine the sign-on workflow. To assign DaVinci flow policies to applications, see Application Flow Policy Assignments.
For DaVinci flow policy use cases, the PingOne protocol service renders the sign-on flow page using a DaVinci widget. For more information about DaVinci widgets, see Launching a flow with the widget in the PingOne admin documentation.
The DaVinci widget manages the flow, and after the flow completes, the PingOne SSO Connector creates a session and passes control back to the protocol service to create an authorization response and send it to the application.
The application continues its normal flow, calling the PingOne token endpoint to obtain the tokens.
PingOne DaVinci endpoints are organized as follows:
Authorization and Authentication APIs
For information about PingOne DaVinci authorization and authentication flow APIs, connections, credentials, and user endpoints in an authorization context, see DaVinci Auth APIs.
Management APIs
For information about user and device management, flows and flow policy configuration, application configuration, and metrics, see DaVinci Management APIs.
See PingOne API domains in Working with PingOne APIs for the regional domains supported for DaVinci (and all other PingOne services).